Tencent Security has released a report (written in Chinese) describing a new malware attack by the name of “MrbMiner” on SQL Server instances exposed to the Internet with passwords that can be brute-forced. According to the report…
Background Fellow Microsoft MVP Troy Hunt (blog | Twitter) has been operating the website Have I Been Pwned (HIBP) for a number of years now. For the record, “pwned” is pronounced like “owned” but with a…
Behold! There’s a scary monster called skip‑2.0, announced by ESET: This backdoor targets MSSQL Server 11 and 12, allowing the attacker to connect stealthily to any MSSQL account by using a magic password – while…
In a previous post I wrote about storing password hashes in a database, which raises the question of how to convert an existing legacy password storage system to use hashes (or even no passwords!) without annoying the…
Recently I wrote: Don’t store passwords in a database. I stand by this statement. I expected a lot of flak because I didn’t explain myself. This post goes into a bit of an explanation of…
Hello, and welcome to today’s class on storing passwords in a database. Don’t store passwords in a database. Thanks for attending. Photo by James Sutton on Unsplash.